AML Policy

Bit 2 Invest is committed to protecting your privacy and maintaining the security of any personal information that we receive from you.

What is the purpose of this policy?

The purpose of this policy is to explain to you what personal information we collect and how we and our associated companies may use it. Companies are associated with us if they are our subsidiaries or we are both subsidiaries of the same corporate entity.

We are the controller of any personal information that you provide to us, which means that we decide the purposes and means of the processing of that personal information.

How do we obtain and store your personal information?

We obtain your personal information through applications, emails, letters, telephone calls, text messages, cookies, and conversations when you register in our services and work with them (including the personal information gained when you use our learning tools, demo accounts, and trading simulators).

We may monitor or record phone calls with you and monitor (and maintain a record of) all emails and electronic communications we send or receive.

We follow strict security procedures in the storage and disclosure of the personal information that you have given to us to prevent unauthorized access.

What types of personal information do we collect and process?

  • name
  • contact details including email details and phone numbers
  • customer names and passwords
  • information related to your trading account including your account history, activity, and orders
  • IP address
  • transaction reporting reference
  • phone device type
  • operating system
  • device ID
  • cookie ID
  • Google 360 ID
  • GUID
  • information about your use of our services, products, and facilities (including information gained when you use our learning tools, demo accounts, and trading simulators)
  • bank account number
  • usage data.

How do we use your personal information?

As well as checking your identity, the personal information we hold may be used for:

  • considering any of your applications
  • carrying out risk assessments
  • complying with our legal and regulatory obligations
  • performing our obligations under any contract we have with you
  • administering our relationship with you including resolving queries or issues
  • establishing and managing your account
  • reviewing your ongoing needs
  • providing you with the information, products, and services that you request from us
  • checking your instructions to us
  • investigating any complaint you may make
  • providing evidence in any dispute or anticipated dispute between you and us
  • recovering amounts payable
  • training our staff
  • enhancing our customer service and products
  • undertaking product development and analysis
  • detecting or preventing fraud or other crimes
  • analytics, inter alia, with the help of the following services of Google Inc. and Facebook Inc.:
    • Google Ads conversion tracking (Place of processing: U.S. – Privacy Policy)
    • Google Analytics (Place of processing: U.S. – Privacy Policy)
    • Google Tag Manager (Place of processing: U.S. – Privacy Policy)
    • Facebook Ads conversion tracking (Place of processing: U.S. – Privacy Policy)
    • Display Advertising extension for Google Analytics (Place of processing: U.S. – Privacy Policy)
  • contacting you—we may send you marketing material from time to time by post, email, telephone, SMS, mobile push notifications, web push notifications, messengers (Viber, Telegram, Facebook messenger, and others), or other electronic messaging services

When may we share your personal information?

  • relevant regulatory or tax authority
  • such third parties as we reasonably consider necessary in order to prevent crime, for instance, the police
  • our associated companies
  • third-party service providers and advisers who provide us with administrative, financial, research, or other services in connection with the services we provide to you
  • our introducing brokers and other commercial partners
  • our professional advisers
  • our auditors for the purposes of carrying out financial and regulatory audits
  • our agents, including credit reference agencies, acting on our behalf, carrying out such credit and identity checks, including money laundering checks, compliance regulatory reporting, and fraud prevention checks
  • courts, tribunals, regulatory or tax authorities, and government agencies to enable us to enforce our agreement with you or to comply with the requirements of a court, regulator, tax authority, or government agency
  • our trade repository
  • other parties which may be necessary to involve in order to provide the best service to you as our customer.

Generally, we require that organisations outside our associated companies with whom we share your personal information acknowledge the confidentiality of your data, undertake to respect your right to privacy, and comply with the data protection principles and this policy.

How may we share your personal information?

The info we may collect is anonymous and will help us improve your user experience with our mobile application even better!

We may gather info and use a third-party service to understand how you interact with our app, view bugs and crashes, provide customer support, and even enhance or improve your accessibility within the app.

This information is a great benefit to you.

The third-party service we use is Smartlook.com.

To provide those benefits, we sometimes may need to collect and transfer anonymised data, such as the features used in the app, what users are tapping or swiping on, which screenshots are being captured, and identify the virtual device.

Rest assured that none of the anonymous data we may collect involves personal or financial information, other sensitive data, or user-generated private content. Also, any data we may transmit will not include your device’s camera, microphone, or other user inputs. All transmitted data are protected by SSL encryption.

What is the legal basis for our processing of personal information?

The legal basis for our processing of personal information will depend on why we process your personal information.

Where you wish to enter into or have signed a contract to receive services from us, we will process your personal information to enable us to enter into and perform our contract with you. If you do not provide the personal information requested, we may not be able to provide some or all of those services to you.

We may also need to process your personal information to comply with our legal and regulatory obligations including in relation to performing anti-money laundering, terrorism prevention, and sanctions screening checks, complaints, and investigations or litigation.

We also have a legitimate interest to process your personal information for:

  • performing the services or supplying the products or information you have agreed to receive from us
  • ongoing management of our relationship with you and to maintain contact with you
  • our internal business purposes which may include business and disaster recovery, document retention/storage, IT service continuity (for example, back-ups and helpdesk assistance) to ensure the quality of the services we provide to you
  • corporate transactions
  • marketing analytics including marketing campaign optimization and web analytics to enable us to develop and target the marketing of our products and services
  • keeping our records updated and studying how customers use our products/services
  • developing our products and services, growing our business, and informing our marketing strategy
  • defining the types of customers for our products and services and keeping our website(s) and platform(s) updated and relevant
  • portfolio analysis and experience studies to enable us to improve the products and services we offer to customers.

In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal information is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

What is the place of processing?

The data is processed at our operating offices and in any other places where the parties involved in the processing are located.

Depending on your location, data transfers may involve transferring your personal information to a country other than yours. To find out more about the place of processing of such transferred personal information, you can check the ‘Using Your Personal Information’ section.

Please note that we use third-party providers to store personal data; therefore, we may transfer your personal data to a provider's data storage facility in a different country.

How long will we keep it?

We hold personal information about you on electronic and/or paper files whilst you are a customer and for at least three years after you cease to be a customer. Please note that pursuant to the applicable anti-money laundering and terrorist financing legislation some of your personal information must be retained for a term of seven years. Such personal information includes:

  • name, family name, patronymic name (if any)
  • residential address
  • age/date of birth
  • passport details
  • photos of your identity documents
  • information regarding deposits to and withdrawals from your account, the currency and the amounts of such deposits and withdrawals
  • information regarding your trading activities
  • telephone number
  • email address
  • communication history with the support (chats/emails/calls).

In addition, the above data shall be stored for our defence of legal claims during the limitation periods envisaged by the applicable legislation.

Please be informed that the above personal information will be encrypted and securely stored in our IT system, will not be used for any purposes other than for the purposes indicated above and will be erased from our system at the expiration of the seven-year period. Please be assured that access to the above personal information will be restricted during the whole period of storage.

What is a Cookie and why do we use it?

Cookies are small pieces of information that are stored on your computer by a website you visit in order to enable you to perform certain functions on the website and regulate its content to your preference. They can store data on the pages for which you have provided key information (for example, when you provide a password), but only once you are asked and you accept the storage of this information. Cookies may be used on some pages of the site for us to provide you with a more customised web browsing experience. They are not used to determine the personal identity of anyone merely visiting the site.

Types of cookies we use:

  • Session cookies
    These cookies are temporary cookies as they are deleted as soon as you close your browser. Session cookies are used to retain the information you provide us with as you navigate through each section of our website. You can choose to decline session cookies via your browser’s privacy settings but please note that this may have a negative impact on your browsing experience and particularly if these are declined across all websites.
  • Analytical cookies
    Analytical cookies may include both temporary and more persistent cookies that we use to track how you use our website and for how long. Analytical cookies do not divulge any identifying information specific to your person but they do help us improve how we provide you with our content. Refer to your browser’s privacy settings on how you can opt out of analytical cookies.
  • Functional cookies
    Functional cookies record and save your choices in order to provide a more seamless experience across our website. One way functional cookies do this is by remembering your language selection each time you visit us. Refer to your browser’s urgent privacy settings on how you can opt out of functional cookies.
  • Third-party cookies
    These cookies are used by third parties and mostly by social media websites like Google+, Facebook, or YouTube. Third-party cookies allow us to offer you easy ways to share our content throughout your social media and also present you with the videos we post on YouTube. You can disable the use of these cookies through your browser’s privacy settings but please do note that this will also disable all the functions described above.

As already mentioned, we use cookies to ensure the optimal functionality of our website and cater our content to your personal preferences. If you have further questions, please do not hesitate to contact your SC-FC broker.

If you are unhappy about any aspect of the way we collect, share, or use your personal information, we would like you to tell us. You can contact us via your broker.

What are your privacy rights?

This section explains your rights in relation to your personal information in more detail.

ACCESSING YOUR PERSONAL INFORMATION

When can you request access?

You have the right to:

  • confirm that your personal information is being processed
  • access your personal information.

You can request copies of the paper and electric records about you that we hold, share, or use. To deal with your request, we can request proof of identity and enough personal information to enable us to locate the personal information you request.

When will access not be provided?

We can only provide you with your personal information, not personal information about another person. Also, where access would adversely affect another person’s rights, we are not required to provide this. Due to legal privilege, we may not be able to show you anything that we learned in connection with a claim or legal proceeding.

Please clearly set out in your access request the personal information that you are requesting. If this is not clear, we may come back to you to ask for further personal information by way of clarification.

CORRECTING YOUR PERSONAL INFORMATION

How can you correct your personal information?

You have the right to obtain from us without undue delay the rectification of inaccurate personal information concerning you. If you tell us that the personal information we hold on you is incorrect, we will review it and if we agree with you, we will correct our records. If we do not agree with you, we will let you know. If you wish, you can tell us in writing that you believe our records still to be incorrect and we will include your statement when we give your personal information to anyone outside of our company.

You may also have the right to have incomplete personal information completed, including by means of providing a supplementary statement. Whether or not this is appropriate in any particular case depends on the purposes for which your personal information is being processed.

We need to notify any third parties with whom we have shared your personal information that you have made a rectification request. We will take reasonable steps to do this, but if it is not possible or may involve disproportionate effort we may not be able to do this or ensure they rectify the personal information they hold.

What are the limitations on access to and correcting your personal information?

Generally, we will let you see the personal information that we hold about you, or take steps to correct any inaccurate personal information, if you ask us in writing.

Due to legal privilege, we may not be able to show you anything that we learned in connection with a claim or legal proceeding.

ERASING YOUR PERSONAL INFORMATION

When can you request erasure?

You have a right to have your personal information erased, and to prevent processing, where:

  • the personal information is no longer necessary for the purpose it was originally collected/processed
  • you withdraw consent (where previously provided)
  • you object to the processing and our legitimate interests in being able to keep processing your personal information do not take priority
  • we have been processing your personal information in breach of data protection laws
  • the personal information has to be erased in order to comply with a legal obligation.

When can we refuse erasure requests?

The right to erasure does not apply where we are required to retain it for legal or regulatory purposes or where your personal information is processed for certain specified reasons, including for the exercise or defence of legal claims.

More importantly, if we have to erase your data, we may not be able to provide you with part or all of our services.

Do we have to tell other recipients of your personal information about your erasure request?

Where we have provided the personal information you want to be erased to third parties, we need to inform them about your erasure request, so they can erase the personal information in question. We will take reasonable steps to do this, but this may not always be possible or may involve a disproportionate effort.

It may also be that the recipient is not required or able to erase your personal information because one of the exemptions above applies.

RESTRICTING PROCESSING OF YOUR PERSONAL INFORMATION

When is restriction available?

You have the right to restrict the processing of your personal information:

  • where you disagree with the accuracy of the personal information, we need to restrict the processing until we have verified the accuracy of the personal information
  • when processing is unlawful and you oppose erasure and request restriction instead
  • if we no longer need the personal information but you need this to establish, exercise, or defend a legal claim
  • where you have objected to the processing in the circumstances detailed in paragraph (a) of ‘Objecting to Processing’, and we are considering whether those interests should take priority.

Do we have to tell other recipients of your personal information about the restriction?

Where we have disclosed your relevant personal information to third parties, we need to inform them about the restriction on the processing of your personal information, so that they do not continue to process this.

We will take reasonable steps to do this, but this may not always be possible or may involve a disproportionate effort.

We will also let you know if we decide to lift a restriction on processing.

TAKING YOUR PERSONAL INFORMATION WITH YOU

When does the right to data portability apply?

The right to data portability only applies:

  • to the personal information you have provided to us (which means, not any other information)
  • where the processing is based on your consent or for the performance of a contract
  • when processing is carried out by automated means.

When can we refuse requests for data portability?

We can refuse your data portability request if the processing does not satisfy the above criteria. Also, if the personal information concerns more than one individual, we may not be able to transfer this to you if doing so would prejudice that person’s rights.

OBJECTING TO PROCESSING

You can object to processing in the following circumstances:

  • Legitimate interests

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal information concerning you which is based on legitimate interests.

If we can show compelling legitimate grounds for processing your personal information that override your interests, rights, and freedoms, or we need your personal information to establish, exercise, or defend legal claims, we can continue to process it. Otherwise, we must stop using the relevant personal information.

  • Direct marketing

If you receive newsletters or other email messages from us, you can opt out at any time free of charge by contacting us via your broker.

LEGAL INFORMATION

This privacy statement has been prepared based on provisions of multiple legislations, including Regulation (EU) 2016/679 (General Data Protection Regulation).

KEY DEFINITIONS

Personal information (or Data)

Any information that directly, indirectly, or in connection with other information—including a personal identification number—allows for the identification or identifiability of a natural person.

Usage Data

Information collected automatically through our application and/or our website (or third-party services employed by us), which can include: the IP addresses or domain names of your computer, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilised to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, and other), the country of origin, the features of the browser and the operating system utilised by you, the various time details per visit (for example, the time spent on each page within the Application and/or our website), and the details about the path followed within the Application and/or our website with special reference to the sequence of pages visited, and other parameters about the device operating system and/or your IT environment.